Christopher Schultz wrote:

Mark,

Mark Thomas wrote:
| This attack requires luring a user who is already logged in to a webapp
| running on a vulnerable Tomcat server to a malicious site. With a
| suitably crafted URL, the attacker is able to steal the authentication
| cookie for the user who was lured to the malicious site. It is the user
| that is lured who is the 'current user'.

Maybe I'm not reading the OP's reference correctly
(http://securitytracker.com/alerts/2007/Aug/1018557.html) but it looks
like the URL provided (in the "exploit") doesn't demonstrate what you
describe.

You are reading the reference correctly. The example is simple but was enough to convince the security team that session hijacking was possible.

When it comes to a choice of trying to produce a POC for what we believe to be the worst case scenario or working on a fix, the fix is usually all we have time for.

Mark
